From 5a5611d65e5ebc33fb21fd19206e8a7e5baa8cad Mon Sep 17 00:00:00 2001 From: Pulumi Bot <30351955+pulumi-bot@users.noreply.github.com> Date: Mon, 9 Dec 2024 17:06:38 -0800 Subject: [PATCH] Update GitHub Actions workflows. (#964) This PR was automatically generated by the update-workflows-ecosystem-providers workflow in the pulumi/ci-mgmt repo, from commit 7420998a8bb5f45102a45aadd31dde676da6d1d2. --- .github/actions/setup-tools/action.yml | 4 +-- .github/workflows/build_provider.yml | 30 +++++++++++++++++++++- .github/workflows/build_sdk.yml | 2 +- .github/workflows/community-moderation.yml | 2 +- .github/workflows/prerequisites.yml | 8 +++--- .github/workflows/pull-request.yml | 4 +-- upstream.sh | 2 +- 7 files changed, 40 insertions(+), 12 deletions(-) diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index 6a711d418..13f815836 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -30,7 +30,7 @@ runs: - name: Install pulumictl if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl') - uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 with: tag: v0.0.46 repo: pulumi/pulumictl @@ -43,7 +43,7 @@ runs: - name: Install Schema Tools if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools') - uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 + uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0 with: repo: pulumi/schema-tools diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml index 7f19d5283..373dc0973 100644 --- a/.github/workflows/build_provider.yml +++ b/.github/workflows/build_provider.yml @@ -50,8 +50,36 @@ jobs: path: provider/cmd/pulumi-resource-artifactory - name: Restore makefile progress run: make --touch provider schema - - name: Build & package provider + + - name: Build provider + if: matrix.platform.os != 'windows' + run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-artifactory + + - name: Build windows provider + if: matrix.platform.os == 'windows' + run: make bin/${{ matrix.platform.os }}-${{ matrix.platform.arch }}/pulumi-resource-artifactory.exe + + - name: Sign windows provider + if: matrix.platform.os == 'windows' + run: | + az login --service-principal \ + -u ${{ secrets.AZURE_SIGNING_CLIENT_ID }} \ + -p ${{ secrets.AZURE_SIGNING_CLIENT_SECRET }} \ + -t ${{ secrets.AZURE_SIGNING_TENANT_ID }} \ + -o none; + + wget https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar; + + java -jar jsign-6.0.jar \ + --storetype AZUREKEYVAULT \ + --keystore "PulumiCodeSigning" \ + --url ${{ secrets.AZURE_SIGNING_KEY_VAULT_URI }} \ + --storepass "$(az account get-access-token --resource "https://vault.azure.net" | jq -r .accessToken)" \ + bin/windows-amd64/pulumi-resource-artifactory.exe; + + - name: Package provider run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} + - name: Upload artifacts uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml index d7868306e..067b8a3ba 100644 --- a/.github/workflows/build_sdk.yml +++ b/.github/workflows/build_sdk.yml @@ -48,7 +48,7 @@ jobs: with: persist-credentials: false - name: Cache examples generation - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: | .pulumi/examples-cache diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml index 7bb3b1446..a925444f5 100644 --- a/.github/workflows/community-moderation.yml +++ b/.github/workflows/community-moderation.yml @@ -25,7 +25,7 @@ jobs: - if: steps.sdk_changed.outputs.changed == 'true' && github.event.pull_request.head.repo.full_name != github.repository name: Send codegen warning as comment on PR - uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: > diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 59c3603f5..17ad477d5 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -54,7 +54,7 @@ jobs: with: set-env: 'PROVIDER_VERSION' - name: Cache examples generation - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: | .pulumi/examples-cache @@ -84,10 +84,10 @@ jobs: } >> "$GITHUB_ENV" - if: inputs.is_pr && inputs.is_automated == false name: Comment on PR with Details of Schema Check - uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - comment_tag: schemaCheck + github-token: ${{ secrets.GITHUB_TOKEN }} + comment-tag: schemaCheck message: >+ ${{ env.SCHEMA_CHANGES }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index e4fdca12c..8d600bc59 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -31,9 +31,9 @@ jobs: with: persist-credentials: false - name: Comment PR - uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} message: > PR is now waiting for a maintainer to run the acceptance tests. diff --git a/upstream.sh b/upstream.sh index 640b83632..ce90039c3 100755 --- a/upstream.sh +++ b/upstream.sh @@ -286,7 +286,7 @@ rebase() { interactive_flag="--interactive" fi if ! git rebase --onto "${onto}" ${interactive_flag}; then - echo "Rebase failed. Please resolve the conflicts and run 'git rebase --continue' in the upstream directory." + echo "Rebase failed. Please resolve the conflicts and run 'git rebase --continue' in the upstream directory. Once the rebase is complete, run '${original_exec} check_in' to write to commits back to patches." exit 1 fi cd ..